Added configurations for main-site linux host and off-site linux host

Added GNS3 example topology image

main-site/isc-dhcp/dhcpd.conf

@@ -0,0 +1,9 @@
+# /etc/dhcp/dhcpd.conf
+subnet 200.1.0.0 netmask 255.255.0.0 {
+  range 200.1.1.1 200.1.1.254;
+  option routers 200.1.0.1;
+  option broadcast-address 200.1.255.255;
+  default-lease-time 600;
+  max-lease-time 7200;
+}
+

main-site/isc-dhcp/isc-dhcp-server

@@ -0,0 +1,20 @@
+# /etc/default/isc-dhcp-server
+
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="bridge0"
+INTERFACESv6=""

main-site/scripts/create-bridge

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# This script is for creating a bridge interface, assigning an IP address, and adding physical interface enp2s0 to it.
+
+# Create bridge
+ip link add type bridge
+# name is non deterministic, fix
+# Two addresses are given, one for wireguard peer and one for L2TP tunnel. Seperate addresses are required because the wireguard peer will have one route over the internet, and another route through the wireguard network.
+ip address add 200.1.0.2/16 dev bridge0
+ip address add 200.1.0.3/16 dev bridge0
+
+# Change bridge0 mac address to not conflict with bridge interface of other wireguard peer
+ip link set bridge0 address d6:05:05:32:d1:5d
+
+# Add physical nic to bridge
+ip link set enp2s0 master bridge0
+ip link set enp2s0 up
+ip link set bridge0 up
+
+# Static Routes
+# default
+ip route add default via 200.1.0.1
+# to reach l2tp tunnel interface through wg0
+ip route add 200.1.0.4/32 via 192.168.1.2

main-site/scripts/create-l2tp

@@ -0,0 +1,13 @@
+#!/bin/sh
+# This script creates an L2TP tunnel and session, then adds the L2TP interface to bridge0
+
+# Create tunnel and session
+ip l2tp add tunnel tunnel_id 123456 peer_tunnel_id 123456 remote 200.1.0.4 local 200.1.0.3 encap ip
+ip l2tp add session tunnel_id 123456 session_id 789 peer_session_id 789
+
+# Change address to not conflict with l2tp interface of other wireguard peer
+ip link set l2tpeth0 address 9a:a5:d4:74:0c:d1
+
+# Bridge physical interface with L2TP interface
+ip link set l2tpeth0 master bridge0
+ip link set l2tpeth0 up

main-site/wireguard/privatekey

@@ -0,0 +1 @@
+aOz6wffcl6xWIiq+80aEd8PFrVpZ+npGM+j7OYGw+Eg=

main-site/wireguard/publickey

@@ -0,0 +1 @@
+XZ7QeWZINbYnH+rNVCsMCCaqw/KEJ628kh604NY4qHg=

main-site/wireguard/wg0.conf

@@ -0,0 +1,15 @@
+[Interface]
+Address = 192.168.1.1/29
+PrivateKey = aOz6wffcl6xWIiq+80aEd8PFrVpZ+npGM+j7OYGw+Eg=
+ListenPort = 52789
+
+# Disables automatic creation of route that would route AllowedIPs through wg0
+Table = off
+
+PostUp = /home/debian/scripts/create-bridge
+PostUp = /home/debian/scripts/create-l2tp
+
+[Peer]
+PublicKey = DxLbQIrfifZP1dUOLwmZXG5n7KtzQdtKl/XO/H82H28=
+PresharedKey = tU3+y1cEqzF0vOCnfFRPhJ24ejbD2HJWjir1aLhwtOA=
+AllowedIPs = 0.0.0.0/0

off-site/scripts/create-bridge

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# This script is for creating a bridge interface, assigning an IP address, and adding physical interface ens1 to it.
+
+# Create bridge
+ip link add type bridge
+# name is non deterministic, fix
+ip address add 200.1.0.4/16 dev bridge0
+
+# Change bridge0 mac address to not conflict with bridge interface of other wireguard peer
+ip link set bridge0 address ee:3b:6b:e2:fc:b2
+
+# Add physical nic to bridge
+ip link set ens1 master bridge0
+ip link set ens1 up
+ip link set bridge0 up
+
+# Static Routes
+# default
+ip route add default via 200.1.0.1
+# to reach l2tp tunnel interface through wg0
+ip route add 200.1.0.3/32 via 192.168.1.1
+# to be able to reach wireguard peer over the internet
+ip route add 200.1.0.2/32 via 200.4.0.1

off-site/scripts/create-l2tp

@@ -0,0 +1,13 @@
+#!/bin/sh
+# This script creates an L2TP tunnel and session, then adds the L2TP interface to bridge0
+
+# Create tunnel and session
+ip l2tp add tunnel tunnel_id 123456 peer_tunnel_id 123456 remote 200.1.0.3 local 200.1.0.4 encap ip
+ip l2tp add session tunnel_id 123456 session_id 789 peer_session_id 789
+
+# Change address to not conflict with l2tp interface of other wireguard peer
+ip link set l2tpeth0 address ea:b1:1b:99:1b:a9
+
+# Bridge physical interface with L2TP interface
+ip link set l2tpeth0 master bridge0
+ip link set l2tpeth0 up

off-site/wireguard/privatekey

@@ -0,0 +1 @@
+kEMAv9NOhpYbH0JwFbplb0WoaOxOVkC2LkF5IQruF28=

off-site/wireguard/publickey

@@ -0,0 +1 @@
+DxLbQIrfifZP1dUOLwmZXG5n7KtzQdtKl/XO/H82H28=

off-site/wireguard/wg0.conf

@@ -0,0 +1,19 @@
+# /etc/wireguard/wg0.conf
+
+[Interface]
+Address = 192.168.1.2/29
+DNS = 1.1.1.1
+PrivateKey = kEMAv9NOhpYbH0JwFbplb0WoaOxOVkC2LkF5IQruF28=
+
+# Disables automatic creation of route that would route AllowedIPs through wg0
+Table = off
+
+PostUp = /home/debian/scripts/create-bridge
+PostUp = /home/debian/scripts/create-l2tp
+
+[Peer]
+PublicKey = XZ7QeWZINbYnH+rNVCsMCCaqw/KEJ628kh604NY4qHg=
+PresharedKey = tU3+y1cEqzF0vOCnfFRPhJ24ejbD2HJWjir1aLhwtOA=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 200.1.0.2:52789
+PersistentKeepalive = 25